The 'R' in STRIDE threat modeling was always a bit undervalued. Important, yes, but as long as you logged all the things and had a transaction record you' were good.

But in agentic AI, (non-)repudiation becomes far more important. Not only to trace what agents do, but also to ensure that agents act according to the wishes, expectations and instructions of their human operators, and that buyers and sellers agree on what happened.

From being important, but not particularly complex, Repudiation is now a full first class citizen among Spoofing, Tampering, Information Disclosure, Denial of Service and Elevation of Privileges

Registration is open for DC's Next Top Threat Model at @defcon 33. Visit https://threatmodel.us to learn more about our contest and register.

I interviewed Kim Wuyts for a #Semgrep fireside chat called Privacy by Design: Making Threat Modeling Work for Data Protection, and it was super fun!

Watch us here: https://twp.ai/4ipiK6

@KimWuyts #privacy #threatmodeling

Level up your skills with one of our 2-Day Training Sessions at OWASP Global AppSec USA 2025!

REGISTER: https://owasp.glueup.com/event/131624/register/

Choose from two powerhouse training sessions, Nov 4–5 in Washington, D.C.:

Whiteboard Hacking with Robert Hurlbut: Hands-on threat modeling led by industry pros

Attacking AI with Jason Haddix: Explore the offensive side of AI security

OWASP Global AppSec USA 2025 is coming to Washington, D.C. Nov 3–7!

Join 800+ security pros for hands-on trainings, top-tier keynotes, CTFs, and real-world insights across 6 dynamic tracks.

Connect, learn, and level up in the heart of AppSec innovation.

Training: Nov 3–5 | Conference: Nov 6–7

Register now: https://owasp.glueup.com/event/131624/register/

We’re thrilled to welcome two of the industry’s most respected voices to the keynote lineup this November in Washington, D.C.:

Daniel Miessler – AI & Security Researcher, Entrepreneur, and Founder of Unsupervised Learning.

Adam Shostack – Renowned threat modeling expert, consultant, and author at Shostack & Associates.

Register now: https://owasp.glueup.com/event/131624/register/

DC's Next Top Threat Model is back for @defcon 33!! Visit https://threatmodel.us for more details.

Only have one day to train? Make it count.

Join us on at OWASP Global AppSec USA 2025 in Washington, D.C. for a full day of expert-led, hands-on security training.

Whether you're a builder, breaker, defender, or manager, there's a course to help you go deeper.

Register: https://owasp.glueup.com/event/131624/register/

I interviewed Kim Wuyts for a #Semgrep fireside chat called Privacy by Design: Making Threat Modeling Work for Data Protection, and it was super fun!

Watch us here: https://twp.ai/4inxqU

@KimWuyts #privacy #threatmodeling

Join renowned expert Adam Shostack for a 3-day Threat Modeling Intensive, Nov 3–5, at OWASP Global AppSec USA 2025.

You’ll sharpen core threat modeling skills, then dive into how AI can support (and sometimes confuse) the process. Learn to evaluate what AI tools get right—and wrong—and how to integrate them responsibly into your security workflows.

REGISTER: https://owasp.glueup.com/event/131624/register/

Join Robert Hurlbut for AI Whiteboard Hacking, a 2-day hands-on threat modeling training, happening Nov 4–5 at OWASP Global AppSec USA 2025.

Register: https://owasp.glueup.com/event/131624/register/

Explore real-world AI threats like prompt injection and data poisoning and learn how to design secure AI systems using the proven DICE methodology.

I interviewed Kim Wuyts for a #Semgrep fireside chat called Privacy by Design: Making Threat Modeling Work for Data Protection, and it was super fun!

Watch us here: https://twp.ai/4io15f

@KimWuyts #privacy #threatmodeling